[pass] totp enhancement

Alexandre Pujol alexandre at pujol.io
Wed Aug 5 15:57:14 CEST 2015


Maybe I'm wrong, but in my opinion it is a mistake to use a password 
manager in order to store OTP secrets.

The aim of an TFA is to increase the auth security requiring the 
combination of two different components. For instance something you know 
(a password) and something you've got (a key, a OTP generated on your 
mobile or on a security device...).

Therefore if you store your OTP secrets in the same place than all your 
passwords it makes the whole thing pointless.


On 05/08/15 12:50, admin wrote:
> Hello,
> I'm apologize for my poor english and my bad code... But I tried to 
> add a functionality to allow password-store to generate a time otp. 
> It's very useful for websites requesting a 2FA totp like google or 
> github. See my fork of the master github password-store :
> https://github.com/Gambiit/password-store
> Thanks a lot for password-store, Best regards :)
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20150805/ae193a97/attachment.html>

More information about the Password-Store mailing list